
upload-sarif: token input doesn't work #2386

Open
@jesus-linares


I have this step in a workflow and it works:

      - name: "Upload Trivy scan results to GitHub Security tab"
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: '${{ env.trivy_output_file }}'
          category: 'trivy-image-${{ matrix.image }}'

but it doesn't work if I add the token argument:

      - name: "Upload Trivy scan results to GitHub Security tab"
        uses: github/codeql-action/upload-sarif@v3
        with:
          token: ${{ secrets.MY_TOKEN }}
          sarif_file: '${{ env.trivy_output_file }}'
          category: 'trivy-image-${{ matrix.image }}'

This is the error:

Uploading results
  Processing sarif files: ["trivy-test-yellow.sarif"]
  Validating trivy-test-yellow.sarif
  Combining SARIF files using the CodeQL CLI
  Adding fingerprints to SARIF file. For more information, see https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs
  Uploading results
  Warning: Not Found
  Error: Not Found
Debug
Uploading results
  Processing sarif files: ["trivy-test-yellow.sarif"]
  Validating trivy-test-yellow.sarif
  Combining SARIF files using the CodeQL CLI
  Adding fingerprints to SARIF file. For more information, see https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs
  ##[debug]Validating that each SARIF run has a unique category
  ##[debug]Serializing SARIF for upload
  ##[debug]Compressing serialized SARIF
  ##[debug]Raw upload size: 542 bytes
  ##[debug]Base64 zipped upload size: 472 bytes
  ##[debug]Number of results in upload: 0
  Uploading results
  Warning: Not Found
  Error: Not Found
  ##[debug]Sending status report: {"action_name":"upload-sarif","action_oid":"unknown","action_ref":"v3","action_started_at":"2024-07-24T13:50:22.018Z","action_version":"3.25.13","analysis_key":".github/workflows/build new.yml:build","commit_oid":"f26f5724a7c97d43f52ce8d4c9c0ed09b5eeba51","first_party_analysis":false,"job_name":"build","job_run_uuid":"","ref":"refs/heads/main","runner_os":"Linux","started_at":"2024-07-24T13:50:22.018Z","status":"failure","steady_state_default_setup":false,"testing_environment":"","workflow_name":"builed new","workflow_run_attempt":1,"workflow_run_id":10077937806,"actions_event_name":"workflow_dispatch","runner_available_disk_space_bytes":21029244928,"runner_total_disk_space_bytes":77851254784,"cause":"Not Found","exception":"HttpError: Not Found\n    at /home/runner/work/_actions/github/codeql-action/v3/node_modules/@octokit/request/dist-node/index.js:86:21\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at async requestWithGraphqlErrorHandling (/home/runner/work/_actions/github/codeql-action/v3/node_modules/@octokit/plugin-retry/dist-node/index.js:71:20)\n    at async Job.doExecute (/home/runner/work/_actions/github/codeql-action/v3/node_modules/bottleneck/light.js:405:18)","completed_at":"2024-07-24T13:50:22.813Z","matrix_vars":"{\n  \"dockerfile\": \"Dockerfile-ok\",\n  \"image\": \"test/yellow\"\n}","runner_arch":"X64","runner_image_version":"20240721.1.0"}
  ##[debug]Node Action run completed with exit code 1
  ##[debug]CODEQL_ACTION_FEATURE_MULTI_LANGUAGE='false'
  ##[debug]CODEQL_ACTION_FEATURE_SANDWICH='false'
  ##[debug]CODEQL_ACTION_FEATURE_SARIF_COMBINE='true'
  ##[debug]CODEQL_ACTION_FEATURE_WILL_UPLOAD='true'
  ##[debug]CODEQL_ACTION_VERSION='3.25.13'
  ##[debug]CODEQL_ACTION_ANALYSIS_KEY='.github/workflows/build new.yml:build'
  ##[debug]CODEQL_WORKFLOW_STARTED_AT='2024-07-24T13:50:22.018Z'
  ##[debug]CODEQL_UPLOAD_SARIF_TRIVY_IMAGE_TEST_YELLOW__TRIVY='CODEQL_UPLOAD_SARIF_TRIVY_IMAGE_TEST_YELLOW__TRIVY'
  ##[debug]CODEQL_ACTION_JOB_STATUS='JOB_STATUS_FAILURE'
  ##[debug]Finishing: Upload Trivy scan results to GitHub Security tab

The secret is properly configured. If I change the secret value, I get "Bad credentials". I created this step to check the token and it works:

      - name: testing secrets
        env: 
          MY_TOKEN: ${{ secrets.MY_TOKEN }}
        run: |
          REPOSITORY=".../..."

          # Variables
          BASE_URL="https://api.github.com/repos/$REPOSITORY/code-scanning"

          HEADERS=(
            -H "Accept: application/vnd.github+json"
            -H "Authorization: Bearer $MY_TOKEN"
            -H "X-GitHub-Api-Version: 2022-11-28"
          )

          curl -Ls \
            -X GET \
            "${HEADERS[@]}" \
            "$BASE_URL/analyses?per_page=1"
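Editor's note with an added example (not the reporter's code and not part of github/codeql-action). The curl step above only exercises the read endpoint (GET .../code-scanning/analyses), while upload-sarif POSTs to .../code-scanning/sarifs, which requires the token to be able to write code scanning alerts (the security_events scope on a classic token, or "Code scanning alerts: read and write" on a fine-grained one). The script below reproduces what the action logs in debug mode (result count, raw size, gzip+base64 size) for a constructed empty SARIF, builds the same upload payload, and classifies the HTTP status a write attempt returns, so a token can be checked against the endpoint that actually fails. REPO and TOKEN are placeholders; the status explanations are the usual causes, not an exhaustive mapping.

```python
"""Prepare a SARIF upload the way upload-sarif does and interpret the response."""
import base64
import gzip
import json
import urllib.error
import urllib.request
from datetime import datetime, timezone

# Constructed minimal SARIF 2.1.0 document with zero results, mirroring
# "Number of results in upload: 0" from the debug log above.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "runs": [
        {
            "tool": {"driver": {"name": "Trivy", "rules": []}},
            "results": [],
            "automationDetails": {"id": "trivy-image-test/yellow/"},
        }
    ],
}


def count_results(sarif: dict) -> int:
    """Total findings across all runs (what the action reports as results in upload)."""
    return sum(len(run.get("results", [])) for run in sarif.get("runs", []))


def encode_sarif(sarif: dict) -> tuple[str, int, int]:
    """Serialize, gzip and base64-encode the SARIF as the sarifs endpoint expects.
    Returns (encoded_text, raw_size_bytes, encoded_size_bytes)."""
    raw = json.dumps(sarif).encode()
    encoded = base64.b64encode(gzip.compress(raw)).decode()
    return encoded, len(raw), len(encoded)


def decode_sarif(encoded: str) -> dict:
    """Inverse of encode_sarif, useful to verify the payload before sending it."""
    return json.loads(gzip.decompress(base64.b64decode(encoded)))


def build_upload_payload(sarif: dict, commit_sha: str, ref: str,
                         tool_name: str = "upload-sarif") -> dict:
    """Body for POST /repos/{owner}/{repo}/code-scanning/sarifs."""
    encoded, _, _ = encode_sarif(sarif)
    started = datetime.now(timezone.utc).isoformat(timespec="seconds")
    return {
        "commit_sha": commit_sha,
        "ref": ref,
        "sarif": encoded,
        "tool_name": tool_name,
        "started_at": started.replace("+00:00", "Z"),
    }


def explain_upload_status(status: int) -> str:
    """Usual cause behind each status from the sarifs endpoint (assumed mapping)."""
    return {
        202: "accepted: token can write code scanning alerts on this repository",
        401: "bad credentials: the token value itself is wrong",
        403: "forbidden: Advanced Security not enabled or repository archived",
        404: "not found: repository not visible to this token, or the token lacks "
             "security_events write; the read endpoint succeeding does not prove write",
    }.get(status, f"unexpected status {status}")


def upload(payload: dict, repo: str, token: str) -> int:
    """Send the payload and return the HTTP status (network call, not run in tests)."""
    req = urllib.request.Request(
        f"https://api.github.com/repos/{repo}/code-scanning/sarifs",
        data=json.dumps(payload).encode(),
        headers={
            "Accept": "application/vnd.github+json",
            "Authorization": f"Bearer {token}",
            "X-GitHub-Api-Version": "2022-11-28",
            "Content-Type": "application/json",
        },
        method="POST",
    )
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    # Placeholders: replace with the real repository and a token from a secret.
    REPO = "OWNER/REPO"
    TOKEN = "<MY_TOKEN>"
    enc, raw_size, enc_size = encode_sarif(SAMPLE_SARIF)
    print(f"results={count_results(SAMPLE_SARIF)} raw={raw_size}B base64-zipped={enc_size}B")
    payload = build_upload_payload(SAMPLE_SARIF, "0" * 40, "refs/heads/main")
    status = upload(payload, REPO, TOKEN)
    print(status, explain_upload_status(status))
```

Running the main block with the same token as in the failing workflow step distinguishes a token that can only read analyses from one that can write them; a 202 here with the same value means the problem is in how the action receives the input rather than in the token's permissions.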

Labels: question (Further information is requested)